Using IAM, you can create user identities ("IAM users") and assign custom permissions sets (“IAM policies”) to those users. This allows you to grant each user access only to the services, resources, and information they need to perform their tasks. Each user can also be assigned individualized security credentials, access keys, and multi-factor authentication devices.

You can also integrate IAM policies and permissions with directories you already manage (for example, Microsoft Active Directory, AWS Directory Service, or an OpenID Connect provider). For more information, see Identity Providers and Federation.

You can interact with IAM through the web-based IAM console, the AWS Command Line Interface, or the AWS API or SDKs. IAM is offered at no additional charge. For more information on how to get started with IAM, see Getting Started.